How To Dev - Example: Access to Orion Broker API


Warning message

  • You can't delete this newsletter because it has not been sent to all its subscribers.
  • You can't delete this newsletter because it has not been sent to all its subscribers.


Send data message on Broker: send values of one or more attributes of a device sending data to Orion Broker: please use the call for UPDATE values, POST is not needed.

Please note that at the first registration of a Device /Entity the full set of variables is provided and thus any successive data may arrive by using the PATCH, making POST not needed. If you make some changes on the Device/Entity, the system is also providing the changes into the Storage, and thus after the Device update in structure you can continue to use the PATCH.


This example refers to NGSI V2 ORION Broker

PATCH https://<xxxxx>/orion-broker-XXXX/v2/entities/John_Doe_Question/attrs?type=Sensor&elementid=John_Doe_Question

Authorization: Bearer <accesstoken>


"dateObserved": {

"value": "2023-01-14T01:01:02.000Z",

"type": "string"


"questionnaire": {

"value": "Q1",

"type": "string"



The accesstoken has to be of the device owner or of a user with read-write delegation.

GET last value from Orion Broker (it should be carefully used since the broker does not provide data with the ServiceURI, and does not provide historical data, please use Smart City API)

GET https://<xxxxx>/orion-broker-XXXX/v2/entities/<deviceid>?type=<devicetype>&elementid=<deviceid> &k1=<k1> &k2=<k2>

deviceid, devicetype, k1 and k2 can be retrieved from IoT Directory, K1 and k2 are two keys allowing read/write access to device. For example:

https:// <xxxxx>/orion-broker-XXXX /v2/entities/John_Doe_Question?type=Sensor&elementid=John_Doe_ _Question&k1=<k1>&k2=<k2>

use of k1 & k2 for authentication is very simple, but it deprecated (give complete access to the device).

Using access token is more secure: 

GET https:// <xxxxx>/orion-broker-XXXX /v2/entities/John_Doe_Question?type=Sensor&elementid=John_Doe_Question

Authorization: Bearer <accesstoken>
The access token should be of the owner of the device or of a user that has read only or read/write delegation.